ISO 42001 is the AI-specific cousin of 27001. Where 27001 is about information security broadly, 42001 is about the management practices a vendor needs when AI is part of the product, model governance, training data oversight, output validation, bias monitoring, lifecycle management.
It is new (published 2023) and uncommon (few vendors are certified yet in 2026). The compliance signal it carries is correspondingly high, a vendor with 42001 is making a deliberate statement that AI is a first-class concern in their security posture, not an afterthought.
For an SME buyer the practical question is whether the vendor is on a serious path toward 42001, with target dates and an external auditor engaged. A vendor that has not heard of 42001 has not done the work.
Vorel's ISO 42001 certification is in progress, expected Q1 2027, with auditors engaged.

